- Home
- Detectable Ransomware
- WannaCash
Ransomware Research
WannaCash Ransomware
WannaCash is a malicious ransomware strain that encrypts victim files and demands ransom payment for decryption. First observed in the wild on March 1, 2019, this ransomware has been actively targeting systems worldwide. Security researchers also track this malware under the aliases: WannaCash NextGen, WannaCash 2.0.
Quick Facts
- Ransomware Family
- WannaCash
- First Seen
- March 1, 2019
- Known Aliases
- WannaCash NextGenWannaCash 2.0
How WannaCash Ransomware Works
Targeted Files
https://app.any.run/tasks/e2e71ce6-2b34-4d62-b441-1188cb8d2e39/ https://app.any.run/tasks/d9568274-6cd2-4502-8644-563534807588/ https://app.any.run/tasks/2807f1d7-c499-4347-a4a8-82a46461ad80/ https://app.any.run/tasks/175b00d9-0858-474e-afaf-854ba032e66e/ https://www.hybrid-analysis.com/sample/5d178be58d8588c9b7460343f6c8a6fa8d0fd554df6450ab0beec905052371a0/5dda51f544561379146913db Packs files to ZIP with password -> Файл зашифрован [core.py] .zip encrypted(Документ Microsoft Word (2).docx)
File Encryption Patterns
WannaCash modifies encrypted files using specific patterns to mark them as encrypted:
File extensions added after encryption:
..wannacash
..punisher
..happy new year
Prefixes added to encrypted files:
encrypted(
Файл зашифрован
Ransom Note and Payment Demands
After encrypting files, WannaCash displays ransom notes demanding payment for file recovery:
как расшифровать файлы.txt
Ransom message:
notes/как расшифровать файлы.txt
Note locations:
UserFolders
Temp
Contribution.txt
Ransom message:
notes/Contribution.txt
Contribution.txt
Technical Indicators
Associated Executable Files
The following executable files are associated with WannaCash ransomware:
Ключи_активации_на_365.exe
Ключи активации на 365.exe
Ключи активации на 365 дней.exe
Ключи активации на 365 дней-2010.exe
dobro
hostsss.exe
eset keys [до 06.06.2020].exe
egui.exe
EGUIS.EXE
Ключи для ESET[all versions] на 365 дней.exe
ESETNOD.exe
egui.exe, eguis_upx.exe
Ключи активации на год_.exe
Elastio Can Help You
Don't let WannaCash ransomware take over your data
Elastio provides advanced ransomware protection and recovery solutions to keep your organization safe.
About This Analysis
This WannaCash ransomware analysis is part of Elastio's comprehensive ransomware detection database. Elastio provides advanced ransomware protection and recovery solutions, helping organizations defend against and recover from ransomware attacks like WannaCash.
Last updated: July 30, 2025